preventing hacking from inside

Hi,

I have looked for this on the net over the nights but couldn't find an answer, though it sounds so obvious.

On a Linux box that is working as a web server hosting many sites, I discovered that a user can leave his home directory and then read others' files and obtain very important data like database passwords and then use it to destroy their data. The problem is that those files must be chmoded to 755 in order for them to function.

Is there any way, or some modified shell, that would prevent users logged in via ssh/telnet from reading files that are located outside of their main home directories?

To stop ssh/telnet users from accessing others' files, they need to be chroot'ed to their home directory.
Another way is to set the permissions on each home directory to 750, and change the group to the web server's group.

To stop PHP from one user's directory from accessing another's when run by the server, you should be able to use the PHP config files - possibly in conjunction with some SetEnvIf and Allow/Deny statements in the Apache config.
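
The 750-plus-web-server-group layout suggested in the reply above, as an added example that is not part of the original thread. It assumes one directory per user directly under a base such as /home, and the web server's group name (for instance `www-data` or `apache`, depending on the distribution) is passed in by the administrator.

```shell
#!/bin/sh
# Added example, not from the thread. Assumptions: home directories sit
# directly under the base directory given as $1, and the web server's
# group name is supplied by the caller (it differs per distribution).

# List home directories that grant any permission bit to "other",
# i.e. the ones a different local user could still list or enter.
audit_homes() {
    find "$1" -mindepth 1 -maxdepth 1 -type d \
        \( -perm -004 -o -perm -002 -o -perm -001 \) -print | sort
}

# Apply the layout from the reply to every home directory:
# owner rwx, web server group r-x, everyone else nothing.
# Returns non-zero if any directory could not be changed.
harden_homes() {
    base=$1 webgroup=$2 rc=0
    for d in "$base"/*/; do
        d=${d%/}
        # Skip unmatched globs, non-directories and symlinked entries.
        [ -d "$d" ] && [ ! -L "$d" ] || continue
        chgrp "$webgroup" "$d" && chmod 750 "$d" || rc=1
    done
    return $rc
}

# Typical use, run as root:
#   audit_homes /home              # see which homes are exposed
#   harden_homes /home www-data    # group name is an assumption
#   audit_homes /home              # should now print nothing
```

Shell users must not be members of the web server's group, otherwise the group bits let them into every home again. The web server account itself can still read all sites, which is the gap the PHP and Apache configuration in the last reply addresses.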